<?
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006 Russell Peter Phillips

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

include ('inc_head_db.php');
include ('inc_head_html.php');

//Get access level for logged-in user
$key = CRYPT_KEY;
$sql = "SELECT AES_DECRYPT(plAccess, '$key') AS dAccess FROM players WHERE plPlayerID = $PLAYER_ID";
$result = mysqli_query ($link, $sql);
$row = mysqli_fetch_assoc ($result);
$access = $row ['dAccess'];
?>

<h1><?=TITLE?></h1>

<h2>Next Event: The Ceremony of Innocence</h2>

<?
include ('inc_event.php');
echo $strAnnounce;

if ($_GET ['green'] != '')
	echo "<p class = 'green'>" . htmlentities ($_GET ['green']) . "</p>\n";
if ($_GET ['warn'] != '')
	echo "<p class = 'warn'>" . htmlentities ($_GET ['warn']) . "</p>\n";
//Get bookings details
$sql = "SELECT * FROM bookings WHERE bkPlayerID = $PLAYER_ID";
$result = mysqli_query ($link, $sql);
$row = mysqli_fetch_assoc ($result);
$sDateIC = $row ['bkDateICConfirmed'];
$sOOC = $row ['bkDateOOCConfirmed'];
$sDateConfirm = $row ['bkDatePaymentConfirmed'];

//Check if player has entered IC & OOC data
$sql = "SELECT chName FROM characters WHERE chPlayerID = $PLAYER_ID";
$result = mysqli_query ($link, $sql);
$iIC = mysqli_num_rows ($result);

//Check for OOC data needs to check for some actual data, as a record will always exist
$key = CRYPT_KEY;
$sql = "SELECT AES_DECRYPT(plFirstName, '$key') AS dFirstName, AES_DECRYPT(plBookAs, '$key') AS dBookAs " .
	"FROM players WHERE plPlayerID = $PLAYER_ID";
$result = mysqli_query ($link, $sql);
$row = mysqli_fetch_assoc ($result);
$BookAs = $row ['dBookAs'];
if ($row ['dFirstName'] != '')
	$bOOC = True;
else
	$bOOC = False;
?>

<p>
In order to book this event online you must confirm your OOC and IC information and then pay, either via paypal or by cheque, cash or postal order. Once your payment has been confirmed you will be listed in the booking list.<br>
<b>Note:</b> Monsters do not have to pay for anything, but do need to be marked as &quot;paid&quot; by an admin. If you are booking as a monster, e-mail your player ID (<?=PID_PREFIX . sprintf ('%03s', $PLAYER_ID)?>) to Vikiy or Russ and they will do this for you. <i>You will still need to enter and confirm both IC and OOC details</i>.
</p>

<p>
<?
if (($sOOC == '' || $sOOC == '0000-00-00') && $bOOC === False)
	echo "<a href = 'ooc_form.php'>Enter OOC information</a><br>\n";
elseif (($sOOC == '' || $sOOC == '0000-00-00') && $bOOC === True) {
	//$bBookingClosed is used to determine whether or not the desired booking type is closed.
	//If it is, the user gets the option to edit their OOC details to select a different booking type
	$bBookingClosed = False;
	//Check that bookings are still available
	if ($BookAs == 'Player' && ALLOW_PLAYER_BOOKINGS === False) {
		echo "<span class = 'sans-warn'>Player bookings are closed</a>. You cannot book as a character for this event.</span>\n";
		$bBookingClosed = True;
	}
	elseif ($BookAs == 'Monster' && ALLOW_MONSTER_BOOKINGS === False) {
		echo "<span class = 'sans-warn'>Monster bookings are closed</a>. You cannot book as a monster for this event.</span>\n";
		$bBookingClosed = True;
	}
	elseif ($BookAs == 'Staff' && ALLOW_STAFF_BOOKINGS === False) {
		echo "<span class = 'sans-warn'>Staff bookings are closed</a>. You cannot book as staff for this event.</span>\n";
		$bBookingClosed = True;
	}
	else
		echo "<a href = 'ooc_view.php' class = 'sans-warn'>Confirm OOC information</a><br>\n";
	if ($bBookingClosed)
		echo " You may <a href = 'ooc_form.php'>edit your OOC information</a> to select a different booking type\n";
}
else
	echo "<a href = 'ooc_view.php'>OOC information has been confirmed</a><br>\n";
?>
</p>

<p>
<?
if (($sDateIC == '' || $sDateIC == '0000-00-00') && $iIC == 0)
	echo "<a href = 'ic_form.php'>Enter IC information</a><br>\n";
elseif (($sDateIC == '' || $sDateIC == '0000-00-00') && $iIC > 0)
	echo "<a href = 'ic_view.php' class = 'sans-warn'>Confirm IC information</a><br>\n";
else
	echo "<a href = 'ic_view.php'>IC information has been confirmed</a><br>\n";
?>
</p>

<p>
<?
//PayPal link
if ($sOOC == '' || $sOOC == '0000-00-00' || $sDateIC == '' || $sDateIC == '0000-00-00')
	echo "You cannot pay until OOC and IC information is confirmed.<br>\n";
elseif (USE_PAY_PAL === True) {
	if ($sDateConfirm == '' || $sDateConfirm == '0000-00-00') {
		echo "To pay via PayPal, click on one of the buttons below:<br>";
		echo "<table><tr>\n";
		echo "<td class = 'mid'>\n";
		echo "<form target='paypal' action='https://www.paypal.com/cgi-bin/webscr' method='post'>\n";
		echo "<input type='hidden' name='cmd' value='_xclick'>\n";
		echo "<input type='hidden' name='business' value='" . PAYPAL_EMAIL . "'>\n";
		echo "<input type='hidden' name='item_name' value='" . PAYPAL_ITEM_NAME_1 . PID_PREFIX . sprintf ('%03s', $PLAYER_ID) . "'>\n";
		echo "<input type='hidden' name='currency_code' value='GBP'>\n";
		echo "<input type='hidden' name='amount' value='" . PAYPAL_AMOUNT_1 . "'>\n";
		echo "<input type='hidden' name='no_shipping' value='1'>\n";
		echo "<input type='image' src='http://images.paypal.com/images/x-click-but01.gif' name='submit' alt='Make payments with PayPal - fast, free and secure!'>\n";
		echo "</td>\n";
		echo "</form>\n";
		if (PAYPAL_ITEM_NAME_2 != '') {
			echo "<td class = 'mid'>\n";
			echo "<form target='paypal' action='https://www.paypal.com/cgi-bin/webscr' method='post'>\n";
			echo "<input type='hidden' name='cmd' value='_xclick'>\n";
			echo "<input type='hidden' name='business' value='" . PAYPAL_EMAIL . "'>\n";
			echo "<input type='hidden' name='item_name' value='" . PAYPAL_ITEM_NAME_2 . PID_PREFIX . sprintf ('%03s', $PLAYER_ID) . "'>\n";
			echo "<input type='hidden' name='currency_code' value='GBP'>\n";
			echo "<input type='hidden' name='amount' value='" . PAYPAL_AMOUNT_2 . "'>\n";
			echo "<input type='hidden' name='no_shipping' value='1'>\n";
			echo "<input type='image' src='http://images.paypal.com/images/x-click-but01.gif' name='submit' alt='Make payments with PayPal - fast, free and secure!'>\n";
			echo "</td>\n";
			echo "</form>\n";
		}
		if (PAYPAL_ITEM_NAME_3 != '') {
			echo "<td class = 'mid'>\n";
			echo "<form target='paypal' action='https://www.paypal.com/cgi-bin/webscr' method='post'>\n";
			echo "<input type='hidden' name='cmd' value='_xclick'>\n";
			echo "<input type='hidden' name='business' value='" . PAYPAL_EMAIL . "'>\n";
			echo "<input type='hidden' name='item_name' value='" . PAYPAL_ITEM_NAME_3 . PID_PREFIX . sprintf ('%03s', $PLAYER_ID) . "'>\n";
			echo "<input type='hidden' name='currency_code' value='GBP'>\n";
			echo "<input type='hidden' name='amount' value='" . PAYPAL_AMOUNT_3 . "'>\n";
			echo "<input type='hidden' name='no_shipping' value='1'>\n";
			echo "<input type='image' src='http://images.paypal.com/images/x-click-but01.gif' name='submit' alt='Make payments with PayPal - fast, free and secure!'>\n";
			echo "</td>\n";
		}
		echo "</form>\n";
		echo "</tr>\n<tr><td class = 'mid'>Player booking,<br>no meal ticket, &pound;" . PAYPAL_AMOUNT_1 . "</td>\n";
		echo "<td class = 'mid'>Player booking<br>with meal ticket, &pound;" . PAYPAL_AMOUNT_2 . "</td>\n";
		echo "<td class = 'mid'>Meal ticket only,<br>&pound;" . PAYPAL_AMOUNT_3 . "</td>\n";
		echo "</tr></table>\n";
		echo "<br>\n<i>Note that you will not be listed as paid until an admin has confirmed receipt of your payment</i>";
	}
	else
		echo "<span class = 'sans-green'>Receipt of your payment has been confirmed, and you are now fully booked.</span>";
}
?>
</p>

<?
//Get access level for logged-in user
$key = CRYPT_KEY;
$sql = "SELECT AES_DECRYPT(plAccess, '$key') AS dAccess FROM players WHERE plPlayerID = $PLAYER_ID";
$result = mysqli_query ($link, $sql);
$row = mysqli_fetch_assoc ($result);
//Show link to admin page if user is an admin
if ($row ['dAccess'] == 'admin')
	echo "<p>\n<a href = 'admin.php'>Admin</a>\n</p>\n";
include ('inc_foot.php');
?>
